Obama fails to address NSA encryption-defeating methods, backdoors

U.S. President Barack Obama failed to address the National Security Agency's reported efforts to weaken encryption standards and circumvent online encryption technologies in a speech Friday about surveillance reform.

U.S. President Barack Obama failed to address the National Security Agency's reported efforts to weaken encryption standards and circumvent online encryption technologies in a speech Friday about surveillance reform.

In December, the Obama-appointed Review Group on Intelligence and Communications Technology made several recommendations focused on supporting strong encryption and other Internet security measures, noted Greg Nojeim, director of the Center for Democracy and Technology's Project on Freedom, Security and Surveillance.

The review group also recommended that the NSA, when it discovers security exploits, should share the vulnerabilities with developers. "The president didn't mention this recommendation at all, and that is troubling," Nojeim said.

"Obama missed an opportunity to speak to one of the biggest problems revealed in the surveillance disclosures," added Alex Fowler, global privacy and public policy leader at Mozilla.

A secure Internet is essential to protect free speech and privacy and for innovation and commerce, Fowler said by email. "For our government to work to undermine strong encryption, stockpile and maintain vulnerabilities, and promote backdoors in mainstream communications systems sacrifices individual and commercial security on the altar of intelligence gathering," he said.

The lack of a plan to address the NSA's anti-encryption efforts and its attempts to exploit backdoors will erode the confidence people have in the Internet, said Bob Hinden, chairman of the Internet Society's Board of Trustees. "You don't know who to trust," he said. "A lot more needs to be said about limiting that kind of surveillance to things that are necessary, and just not collecting it for collection's sake."

Obama's speech focused more on a telephone records collection program than on overseas Internet surveillance programs, Hinden said. NSA reforms need to recognize the negative effects that surveillance has had on the Internet, he said.

Obama's proposals took some positive steps "to restore confidence in how the U.S. government gathers intelligence and protects the privacy of individuals," said Daniel Castro, senior analyst with the Information Technology and Innovation Foundation, a tech-focused think tank. But the proposals didn't go far enough, he said in a statement.

Obama "should clearly and unequivocally state that the policy of the U.S. government is to strengthen, not weaken, cybersecurity and renounce the practice of having intelligence agencies work to introduce back doors and other vulnerabilities into commercial products," he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.